Maybe I can say it in other words: (1) If I am normal user, I should only see "my" part of the table and I can work with it. This is perfectly assured by db.auth_group._common_filter=**lambda query: (db.auth_group.org==session.** org <http://session.org/>)
(2) If I am the admin and if I use the admin application I want to see all whole tables and of course I want to have the right to edit all tables with common filters, independent of the value of session.org. Or, more simple: an admin (using the admin application) has access to all tables and all fields. ignore_rw does it for the readonly/writonly attribute and the same should be done with ignore_common_filters 2012/8/21 Massimo Di Pierro <[email protected]> > I think you want: > > from gluon.fileutils import check_credentials > if not *check_credentials(request):* > * if not session.org: redirect('some_error_page') > * db.auth_group._common_filter=**lambda query: (db.auth_group.org== > session.**org <http://session.org/>) > > > > On Tuesday, 21 August 2012 01:04:38 UTC-5, mweissen wrote: > >> This is the new code: >> >> from gluon.fileutils import check_credentials >> db.auth_group._common_filter=**lambda query: \ >> (db.auth_group.org==session.**org <http://session.org>) *or >> check_credentials(request)* >> >> I have tested check_credentials(request): it returns True - good! >> But - sorry! - it did not solve the problem: >> >> - Let's say I have 100 auth_group rows with org==1 and 100 auth_group >> rows with org==2 >> - The admin application tells me "100 selected", but I can *see all >> 200* rows. >> - I have tried to change one record. I can open this row, change any >> field and submit it. >> - I get the flash "*Done*" But nothing has happened - the old values >> are in the table. >> >> About the message "value not in database": my fault - a wrong >> db.auth_group.org.requires >> somewhere in the model. >> >> 2012/8/21 Massimo Di Pierro <[email protected]> >> >> Apologies >>> >>> check_credentials(request) >>> >>> instead of >>> >>> check_credentials('admin') >>> >>> >>> On Monday, 20 August 2012 14:33:55 UTC-5, mweissen wrote: >>> >>>> A little bit more code: >>>> >>>> db.define_table('org', >>>> Field('orgnr', >>>> Field(shortname', >>>> length=20, >>>> requires=IS_LENGTH(maxsize=20,****minsize=3)), >>>> ... >>>> ) >>>> >>>> >>>> auth.settings.extra_fields['**au**th_group']=[ >>>> Field('org','reference org', >>>> default=lambda: session.org, >>>> requires=IS_IN_DB(db, 'org.id', '%(shortname)s', >>>> error_message=T('Not allowed')), >>>> ),... >>>> >>>> from gluon.fileutils import check_credentials >>>> >>>> db.auth_group._common_filter=**l**ambda query: >>>> (db.auth_group.org==session.**or**g <http://session.org>) or >>>> check_credentials('admin') >>>> >>>> >>>> >>>> Now I am using the admin interface and I try to change one row of >>>> auth_group. The same result as before (without >>>> check_credentials('admin')) >>>> >>>> - The value of auth_group.org==1. >>>> - The error messae is "value not in database" >>>> - And, of course, there is a record in db.org with db.org.id==1 >>>> >>>> To learn more about check_credentials I added: >>>> >>>> if check_credentials('admin'): print 'Admin' >>>> >>>> Only for the test. >>>> >>>> And I get a new error message: >>>> >>>> 127.0.0.1.2012-08-20.21-05-04.****43dc8360-a22d-408d-8889-**00fe62** >>>> ef4a38 >>>> <type 'exceptions.AttributeError'> 'str' object has no attribute 'env' >>>> Version web2py™ (2, 0, 0, datetime.datetime(2012, 8, 9, 8, 57, 54), >>>> 'dev') Python Python 2.7.2: D:\Python27\python.exe Traceback >>>> >>>> >>>> 1. >>>> 2. >>>> 3. >>>> 4. >>>> 5. >>>> 6. >>>> 7. >>>> 8. >>>> 9. >>>> >>>> >>>> Traceback (most recent call last): >>>> File "D:\...\web2py\gluon\**restricte**d.py", line 205, in restricted >>>> >>>> >>>> >>>> >>>> >>>> >>>> exec ccode in environment >>>> File "D:/.../web2py/applications/**se**cure/models/db.py" >>>> <http://127.0.0.1:8000/admin/default/edit/secure/models/db.py>, line 389, >>>> in <module> >>>> >>>> >>>> >>>> >>>> >>>> >>>> if check_credentials('admin'): print 'Admin' >>>> >>>> >>>> >>>> >>>> >>>> >>>> File "D:\...\web2py\gluon\**fileutils**.py", line 328, in >>>> check_credentials >>>> >>>> >>>> >>>> >>>> >>>> >>>> if request.env.web2py_runtime_gae****: >>>> >>>> >>>> >>>> >>>> >>>> AttributeError: 'str' object has no attribute 'env' >>>> >>>> >>>> >>>> 2012/8/20 Massimo Di Pierro <[email protected]> >>>> >>>> You can do: >>>>> >>>>> db.define_table(...., common_filter = None if not session.org else >>>>> (lambda query:(db.my_table.org==sessio****n.org <http://session.org/> >>>>> ))) >>>>> >>>>> you can also use the check: >>>>> >>>>> from gluon.fileutils import check_credentials >>>>> check_credentials('admin') #returns true if you are logged as admin. >>>>> >>>>> >>>>> On Monday, 20 August 2012 12:48:29 UTC-5, mweissen wrote: >>>>> >>>>>> (1) session.org will be set with the login. But I am an >>>>>> administrator: I think I should use the admin application without a >>>>>> login >>>>>> to the application itself. >>>>>> >>>>>> (2) Lets say session.org==1: now it is not possible to change a >>>>>> record with my_table.org==2 using the admin app. >>>>>> >>>>>> (3) Did you mean: >>>>>> >>>>>> common_filter = lambda query: >>>>>> (db.my_table.org==session.org)****** if session.org else True >>>>>> >>>>>> >>>>>> Interesting idea! >>>>>> >>>>>> 2012/8/20 Massimo Di Pierro <[email protected]> >>>>>> >>>>>> How do you set the common filter? Seems to me if session.org is not >>>>>>> set, the common filter should not be set. web2py cannot ignore it >>>>>>> because >>>>>>> it does the wrong thing. >>>>>>> >>>>>>> >>>>>>> On Monday, 20 August 2012 11:41:41 UTC-5, mweissen wrote: >>>>>>>> >>>>>>>> I have an application which should be used by some organizations. >>>>>>>> Therefore I have added >>>>>>>> >>>>>>>> Field('org','reference org', default=lambda:session.org), >>>>>>>> >>>>>>>> and >>>>>>>> >>>>>>>> common_filter = lambda query: db.my_table.org==session.org >>>>>>>> >>>>>>>> to my_table. session.org contails the id of the respective >>>>>>>> organization. >>>>>>>> Great feature,works fine! But using the database administration of >>>>>>>> the admin-application the common filter is still active. >>>>>>>> There is an "ignore_rw=True" in the admin application and I think >>>>>>>> I have read somewhere that there is also an " >>>>>>>> ignore_common_filters=True". >>>>>>>> >>>>>>>> If session.org is not set, a "database db select" shows strange >>>>>>>> effects: >>>>>>>> >>>>>>>> - I can see the first 100 rows. >>>>>>>> - But the message is "0 selected" >>>>>>>> - It is not possible to Update a record >>>>>>>> >>>>>>>> >>>>>>>> A simple "ignore_common_filters=True" at the appropriate location >>>>>>>> should solve the problem. I have taken a quick look at the code, but I >>>>>>>> think this statement has to be "very inside", therefore I have no >>>>>>>> concrete >>>>>>>> proposal. >>>>>>>> >>>>>>>> Regards, Martin >>>>>>>> >>>>>>> --
